Warning: THE VOID WIKI IS DEPRECATED. It is no longer being maintained, contains outdated and incorrect information, and will eventually be shut down. Please refer to the Void Handbook, https://docs.voidlinux.org/, for the official documentation. If you can't find the information you're seeking, please raise an issue at https://github.com/void-linux/void-docs/issues

Firewall Guide

From Void Linux Wiki
Revision as of 02:22, 29 August 2017 by GreattoBeGrateful (talk | contribs) (Moved ufw to Firewall Configuration)

This section (or entire page if this is at the beginning of it) has been marked for removal.

Reason: This page should be either removed or merged with Firewall Configuration (Discuss in Talk:Firewall Guide#)


First off, install the iptables package:

# xbps-install iptables

Now let's set up our firewall configuration:

 # Set default chain policies
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT

 # Accept on localhost
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A OUTPUT -o lo -j ACCEPT

 # Allow established sessions to receive traffic
 iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

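 # Allow inbound SSH (uncomment if the host is administered remotely)
 # iptables -I INPUT -p tcp --dport 22 -j ACCEPT

Save the running rules to /etc/firewall.conf:

 iptables-save > /etc/firewall.conf

The saved file contains the rules in iptables-save format (excerpt):
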
# Generated by iptables-save v1.4.21 on Mon Oct 27 16:52:51 2014
:INPUT DROP [1:52]
:OUTPUT ACCEPT [518:49547]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Completed on Mon Oct 27 16:52:51 2014
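
Before loading a saved file, it is worth checking that it still encodes the default-deny policy set above. The following is an added example, not part of the original wiki page: a POSIX shell function (`audit_ruleset`, a hypothetical name) that inspects an `iptables-save` dump. The sample ruleset is constructed for illustration.

```shell
#!/bin/sh
# audit_ruleset [FILE]: check an iptables-save dump (FILE or stdin).
# Prints one finding per line; returns 0 if the dump is default-deny, else 1.
audit_ruleset() {
    awk '
        /^\*filter/                 { table = 1 }
        /^COMMIT/                   { commit = 1 }
        /^:(INPUT|FORWARD|OUTPUT) / { policy[substr($1, 2)] = $2 }
        /^-A INPUT -i lo -j ACCEPT/ { lo = 1 }
        /^-A INPUT .*--ctstate [A-Z,]*ESTABLISHED.* -j ACCEPT/ { ct = 1 }
        /^-A INPUT .*--dport [0-9]+.* -j ACCEPT/ {
            # Collect every inbound port that is explicitly opened
            for (i = 1; i < NF; i++) if ($i == "--dport") ports = ports " " $(i + 1)
        }
        END {
            if (!table)  { print "missing *filter table header"; bad = 1 }
            if (!commit) { print "missing COMMIT line (rules are not applied without it)"; bad = 1 }
            if (policy["INPUT"] != "DROP")   { print "INPUT policy is not DROP"; bad = 1 }
            if (policy["FORWARD"] != "DROP") { print "FORWARD policy is not DROP"; bad = 1 }
            if (!lo) { print "no loopback ACCEPT rule"; bad = 1 }
            if (!ct) { print "no ESTABLISHED,RELATED ACCEPT rule"; bad = 1 }
            if (ports != "") print "note: inbound ports open:" ports
            exit (bad ? 1 : 0)
        }' "${1:--}"
}

# Constructed sample in iptables-save format (not taken from a real host).
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed sample; on a real host: audit_ruleset /etc/firewall.conf
sample_ruleset | audit_ruleset || echo "ruleset needs attention"
```

`iptables-restore --test < /etc/firewall.conf` additionally parses the file without committing it.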


Load the saved rules, then make the runit service script executable and enable the service:

iptables-restore < /etc/firewall.conf
chmod +x /etc/sv/iptables/run
ln -s /etc/sv/iptables /var/service/

Reboot, then check that the rules were loaded:

$ sudo iptables -L -n
 Chain INPUT (policy DROP)
 target     prot opt source               destination         
 ACCEPT     all  --             
 ACCEPT     all  --              ctstate RELATED,ESTABLISHED

 Chain FORWARD (policy DROP)
 target     prot opt source               destination         

 Chain OUTPUT (policy ACCEPT)
 target     prot opt source               destination         
 ACCEPT     all  --